# Routes module

# 暴露子模块，便于 app.py 导入
from . import auth, todos, agents, notes, about, github_trending, ai_dairy, excel_viewer, email_accounts, email_messages

# 可选：RBAC 装饰器实现
try:
    from flask import jsonify
    from flask_jwt_extended import jwt_required, get_jwt_identity
    from models import Role, UserRole, db

    def require_roles(*roles):
        def decorator(fn):
            @jwt_required()
            def wrapper(*args, **kwargs):
                try:
                    current_user_id = int(get_jwt_identity())
                    query = (
                        db.session.query(Role.name)
                        .join(UserRole, Role.id == UserRole.role_id)
                        .filter(UserRole.user_id == current_user_id)
                    )
                    user_roles = {r[0] for r in query.all()}
                    if not any(role in user_roles for role in roles):
                        return jsonify({'error': 'Forbidden', 'message': 'Insufficient role'}), 403
                    return fn(*args, **kwargs)
                except Exception as e:
                    return jsonify({'error': str(e)}), 500
            wrapper.__name__ = fn.__name__
            return wrapper
        return decorator
except Exception:
    pass

